formatfactory.exe

Setup

Tuguu SL

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers such as toolbars and browser extensions during the setup process. It distributes modified installers that differ from the original published by the software's author. The application formatfactory.exe by Tuguu SL has been detected as adware by 30 of 68 anti-malware scanners. The program is a setup application built on the TUGUU DomaIQ Setup installer; during installation it bundles potentially unwanted software onto the user's computer without adequate consent. Note that the file carries a DigiCert EV code signature issued to Tuguu SL (see Digital Signature below): a code signature attests to the publisher's identity, not to the absence of bundled adware, so a signed installer is not by itself evidence of benign behaviour.
Publisher:
Tuguu S.L.U (signed by Tuguu SL)

Product:
Setup

Version:
2.0

MD5:
ba237c6338ab55d339598a8ca8490591

SHA-1:
f04b4993439ac4d985e16ce4c651be06dbcc8f9f

SHA-256:
a7ca6577bc1aae0810d92996272ab471755924b20599ad5a116322187b21cc2a

Scanner detections:
30 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This is also known as bundleware or downloadware: a downloader designed to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
6/17/2024 11:10:56 AM UTC

Scan engine               Detection                               Engine version
Lavasoft Ad-Aware         Dropped:Trojan.Generic.11269951         716
Agnitum Outpost           PUA.DomaIQ                              7.1.1
AhnLab V3 Security        PUP/Win32.DomaIQ                        2014.11.03
Avira AntiVirus           APPL/DomaIQ.Gen7                        7.11.182.216
avast!                    Win32:Installer-AE [PUP]                2014.9-150219
AVG                       AdLoad.B                                2016.0.3194
Bitdefender               Dropped:Trojan.Generic.11269951         1.0.20.250
Comodo Security           Application.Win32.DomaIQ.P              19980
Dr.Web                    Trojan.Packed.24553                     9.0.1.050
Emsisoft Anti-Malware     Dropped:Trojan.Generic.11269951         8.15.02.19.08
ESET NOD32                MSIL/DomaIQ (variant)                   9.10661
F-Secure                  Dropped:Trojan.Generic.11269951         11.2015-19-02_5
G Data                    Dropped:Trojan.Generic.11269951         15.2.24
IKARUS anti.virus         PUA.DomaIQ                              t3scan.1.8.3.0
K7 AntiVirus              Unwanted-Program                        13.185.13866
Kaspersky                 not-a-virus:AdWare.Win32.Lollipop       14.0.0.2463
Malwarebytes              PUP.Optional.BundleInstaller.A          v2015.02.19.08
McAfee                    Artemis!BA237C6338AB                    5600.6850
MicroWorld eScan          Dropped:Trojan.Generic.11269951         16.0.0.150
NANO AntiVirus            Trojan.Win32.Stealer.cwxrck             0.28.6.62995
nProtect                  Trojan-Clicker/W32.Lollipop.236208      14.10.31.01
Qihoo 360 Security        Trojan.Generic                          1.0.0.1015
Quick Heal                AdWare.Lollipop.r5 (Not a Virus)        2.15.14.00
Reason Heuristics         PUP.Installer.Tuguu                     15.2.19.8
Sophos                    Generic PUA EM                          4.98
SUPERAntiSpyware          PUP.DomaIQ/Variant                      10044
Trend Micro House Call    TROJ_GEN.R047C0EIC14                    7.2.50
Trend Micro               TROJ_GEN.R047C0EIC14                    10.465.19
Vba32 AntiVirus           suspected of Trojan.Downloader.gen.h    3.12.26.3
VIPRE Antivirus           DomaIQ                                  34472

File size:
230.7 KB (236,208 bytes)

Product version:
1.2.2

Copyright:
Tuguu S.L.U

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\cf213051b29e4088a264d24bad564de3\installer.exe\formatfactory.exe

Digital Signature
Signed by:
Tuguu SL
Authority:
DigiCert Inc

Valid from:
9/11/2013 8:00:00 PM

Valid to:
11/19/2014 7:00:00 AM

Subject:
CN=Tuguu SL, O=Tuguu SL, L=Adeje, S=Santa Cruz de Tenerife, C=ES, PostalCode=38670, STREET=Calle Bentinerfe (Pol Industrial De La Atala) 35, SERIALNUMBER=B76539535, OID.1.3.6.1.4.1.311.60.2.1.3=ES, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0C6B6125B506B75A743332123041C893

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Vsr8nDyb54A0IHom40VIkb9Ic3gk38mb1LBS0Yv:8+I50IHV1XIMpMmb1Lof

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.7971

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
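The indicators above (MD5/SHA-1/SHA-256, file size, entropy, the Nullsoft packer and the observed drop path under %TEMP%) are enough to triage a suspect file offline. The following script is an added example written for this page; it is not code from Reason Core Security or Tuguu. It hashes a file and compares the digests and size against the report, computes Shannon entropy over the whole file (the report gives 7.7971 for this sample), scans for the NSIS first-header marker, and matches the drop path. Two details are assumptions: the 7.0 entropy threshold for "packed", and that the 32-hex-character directory in the common path is a per-install ID (generalised from the single path the report shows).

```python
"""Offline triage of a suspect installer against the IOCs listed on this page.

Added example, not code from the report's publisher. Checks hashes, size,
entropy, the NSIS marker and the drop path; the sample data in the tests is
constructed, so only hashes taken from the real file will match PAGE_IOCS.
"""
import hashlib
import math
import re
from collections import Counter

# Indicators copied from the report above.
PAGE_IOCS = {
    "md5": "ba237c6338ab55d339598a8ca8490591",
    "sha1": "f04b4993439ac4d985e16ce4c651be06dbcc8f9f",
    "sha256": "a7ca6577bc1aae0810d92996272ab471755924b20599ad5a116322187b21cc2a",
    "size": 236208,
}

# NSIS 2.x writes a "first header" that starts with the magic 0xDEADBEEF
# (little-endian) followed by the ASCII tag "NullsoftInst".
NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"

# Drop path from the report. Assumption: the 32-hex-char directory is a
# per-install ID; this is generalised from the one example path shown.
DROP_PATH_RE = re.compile(
    r"(?i)\\appdata\\local\\temp\\[^\\]+\.tmp\\[0-9a-f]{32}"
    r"\\installer\.exe\\formatfactory\.exe$"
)

# Assumption: above this many bits/byte we treat the file as packed/compressed.
HIGH_ENTROPY = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 for empty or constant input, 8.0 max."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def hashes(data: bytes) -> dict:
    """Digests and size in the same shape as PAGE_IOCS so they compare directly."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def is_nsis(data: bytes) -> bool:
    """True if the NSIS first-header marker occurs anywhere in the file."""
    return NSIS_MARKER in data


def matches_drop_path(path: str) -> bool:
    """True if the path matches the %TEMP% drop location seen in the report."""
    return DROP_PATH_RE.search(path) is not None


def triage(data: bytes, path: str = "", iocs: dict = PAGE_IOCS) -> dict:
    """Compare one file against the indicators. Any hash hit is a definite match;
    size, NSIS marker, entropy and path are supporting signals only."""
    h = hashes(data)
    ent = shannon_entropy(data)
    return {
        "hash_match": any(h[k] == iocs[k] for k in ("md5", "sha1", "sha256")),
        "size_match": h["size"] == iocs["size"],
        "nsis": is_nsis(data),
        "high_entropy": ent > HIGH_ENTROPY,
        "drop_path": matches_drop_path(path),
        "entropy": round(ent, 4),
    }


def triage_file(path: str, iocs: dict = PAGE_IOCS) -> dict:
    """Read a file from disk and triage it, using its own path for the path check."""
    with open(path, "rb") as fh:
        return triage(fh.read(), path, iocs)


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, triage_file(p))
```

Run it as `python triage.py <file>`; a `hash_match` of True is conclusive, while `nsis`, `high_entropy` and `drop_path` alone only say "NSIS installer unpacked from a temp directory", which describes plenty of legitimate software as well.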

The file formatfactory.exe has been seen being distributed from the following URLs (5 recorded; 3 shown below).

http://www.capitalvaultsbits.com/H9XXputZH_Of2i6ablbwonFfk0pn5ohrZ3YPU6pUWvsryH33gCrLZ4AzorzYNwJWGn7pDnGegLMSPMOhjyw01yTgT_weMCzaSj4CvKiiUifdalNUIVtOELYpleJVsMfBPZNN387Wiahw42PqWAZxZikBEz_PPiuU_8Sc2eqBSMemBWokRGR9XUtC0IV6TdanuCIDN6sFEgMNrlCtUX3YgrbqJOw==-GzEAAEQnh_bDkdqlqEMSOOSA_VtZGkQabIyd65DoRWpj5Bt2gpdjrmFa97SXTXSAQ==

http://www.capitalvaultsbits.com/xCUG40yg2QzFBLKCQIvFJRS4P6g4EmMGKXaoUUOkJcFeXnpWoSZ8ibmypuooDEIaU84V7VSulHY368yQSvRvrQDPsdVCQCiQ8dThDdihqtmOQmCc_EWLYqB0sFrpDMY0_VDuURoNCARyJ9sG7PviiIz7go5cGMO9aQVWzLnJwMNXkWhMvKDL7nJ2oeuTc1zPo_CkXgrDgQ3tCaSS4BokCSSNstXAg==-GzEAAEQnh_bDkdqlqEMSOOSA_VtZGkQabIyd65DoRWpj5Bt2gpdjrmFa97SXTXSAQ==

http://www.capitalvaultsbits.com/Z3kxV4INzAP_98VkYwujua1ZJNnH37sexSNQtX_j0To_Qm4hyYiWK6ivhA7f9Oqqh9R8PerI3ujVRJzLofcDJllRgyrKMXt9ZaWmFZpY4AJQgmf4OmVD51lkgb6WPOhyrEz8D7Dk1fHMZqhvc90aRFfOsiXQAnjWyBlNTEDw4X_XqYwiSeEclNORkNLux_WATsRXvtlEI5oyhp2vZYzEgOKMbjw==-GzEAAEQnh_bDkdqlqEMSOOSA_VtZGkQabIyd65DoRWpj5Bt2gpdjrmFa97SXTXSAQ==

Remove formatfactory.exe - Powered by Reason Core Security